@billerickson
Created August 17, 2012 15:30
WordPress Security
WordPress is actually one of the most secure pieces of software available. It powers 17%
of the 1,000,000 most visited websites, so it is being constantly tested both internally
and by hackers. When an issue is discovered, an update is released which you can install
with one click in the dashboard.
The vast majority of hacked WordPress websites are running an out-of-date version of
WordPress. Once an update is released, the vulnerabilities it patches become publicly
known, so sites still running old versions are vulnerable.
The next most likely source of hacking is your host. If your server isn't secure, it doesn't
matter how secure the software running on it is. On low-end shared hosts, once one site on
the server is hacked (usually due to running an old version of WordPress), all the other
sites are now vulnerable. So make sure the server you're running your site on is secure.
Finally, the last source of hacks is insecure themes and plugins. Genesis is security
audited by WordPress' lead developer in charge of security, Mark Jaquith. And as an
experienced WordPress developer, the websites I build are secure because I take advantage
of WordPress' core features for ensuring security (sanitizing/validating data, using user
capabilities to limit access to certain functionality...). The plugins I install on your
site will all be high quality, widely used, and frequently updated. When updates do come
out for the theme (Genesis) or plugins we have installed, I highly recommend updating for the
same reason you should always update WordPress.
So to summarize: WordPress is secure. The framework I use (Genesis) and the theme I build will
be secure. And the plugins I choose will be secure. It is your responsibility to keep these
up-to-date and to have a secure hosting environment.